Prevented normal users from changing own email

To address #1542

Updates to only allow email changes by users with the users-manage role
permission.

app/Http/Controllers/UserController.php

@@ -146,7 +146,12 @@ class UserController extends Controller
         ]);
 
         $user = $this->userRepo->getById($id);
-        $user->fill($request->all());
+        $user->fill($request->except(['email']));
+
+        // Email updates
+        if (userCan('users-manage') && $request->filled('email')) {
+            $user->email = $request->get('email');
+        }
 
         // Role updates
         if (userCan('users-manage') && $request->filled('roles')) {